• Xanis@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    State actors? Maybe.

    It’s a bit tinhatty, though I’m betting on something akin to corporate espionage pointed at the Internet Archive.

    Could just be a 14 year old kid with a bit of talent too. Wouldn’t be the first time.

  • 🐋 Color 🔱 ♀@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 month ago

    I was wondering why I hadn’t been able to access Internet Archive yesterday… Who would take down what is the digital equivalent to the Library of Alexandria? I really hope the website can recover from the attack 🙏

    • person420@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Can’t figure out if this is a joke or serious, so just in case, you might want to look up what happened to the Library of Alexandria.

      • 🐋 Color 🔱 ♀@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Oh I already know about that. The Internet Archive has been dubbed the digital equivalent of the Library of Alexandria before, due to its size, similar purpose, and significance. My comparison was for that reason.

    • kent_eh@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Who would take down what is the digital equivalent to the Library of Alexandria?

      I can think of a few possibilities

      1: peddlers of misinformation

      2: people who love the poorly educated and want the misdeeds of their political allies to be forgotten.

      3: copyright trolls.

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    I recently went through most of my accounts and randomized the username, with the thought here being to limit the likelihood of one site being compromised leading to accounts at other sites being compromised. I don’t have to remember them due to using a password manager, so it’s really no skin off my nose.

    I’ll use this as a reminder to everyone to improve your security. Some ideas:

    • use a password manager and use random usernames and passwords
    • have multiple email accounts, and don’t use your “main” email w/ random signups - I use a simple mnemonic, like “<user>-<purpose>@domain.com”; so “me-shopping@domain.com” or “me-games@domain.com” so it’s easy for me to remember, but unlikely for a lazy hacker to pwn other accounts (a lot of these are automated); my real email is “me@different-domain.com
    • use 2FA if offered, even if it’s stupid SMS or email based; having any extra step can deter an attacker

    Sucks that people are targeting IA, I hope there isn’t any lasting damage and that this is a simple defacement/DOS.

    • asudox@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 month ago

      Point 2… if you pay for a email aliasing service, you will be locked in. What I suggest is using plus addressing. e.g.

      example+83hdo72@example.com
      

      As long as you keep using randomized ones, this’ll be as good as an alias against automated and manual login attempts. It just does not hide your base email, which would be

      example@example.com
      

      Many email services offer some free aliases. For example, I use one alias, along with my main email that is only used for important services. Other than that, I have an alias that is used for online accounts. This way, your main inbox is free of spammers. And even if your main address were to be the target of a spammer, the automatic spamming software most likely will not chop off the plus part, so you can easily block that email with the specific plus identifier. Not as good as external email aliasing services, but at least you won’t be locked into the email aliasing service. Bitwarden has a generator for such things, really nice tbh.

    • Julien Catanese@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      I recently went through most of my accounts and randomized the username, with the thought here being to limit the likelihood of one site being compromised leading to accounts at other sites being compromised. I don’t have to remember them due to using a password manager, so it’s really no skin off my nose.

      I’ll use this as a reminder to everyone to improve your security. Some ideas:

      use a password manager and use random usernames and passwords
      have multiple email accounts, and don’t use your “main” email w/ random signups - I use a simple mnemonic, like “<user>-<purpose>@domain.com”; so “me-shopping@domain.com” or “me-games@domain.com” so it’s easy for me to remember, but unlikely for a lazy hacker to pwn other accounts (a lot of these are automated); my real email is “me@different-domain.com”
      use 2FA if offered, even if it’s stupid SMS or email based; having any extra step can deter an attacker
      

      Sucks that people are targeting IA, I hope there isn’t any lasting damage and that this is a simple defacement/DOS.

      thanks for the advices ! Would you recommend a particular password manager?

    • Pringles@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      For e-mails, you can just get firefox relay with your own subdomain and generate infinite e-mail masks for 1$ a month. I usually take “nameofshop@mysubdomain.mozmail.com” for example. It’s pretty great because you just make the masks on the fly.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 month ago

        Yup.

        If you use the same email everywhere, they can try brute-forcing the password by using the email instead of your username. Give them less to go on. $1/month is absolutely worth it to prevent an important account from getting hacked.

      • Blackmist@feddit.uk
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        The email mask is free without a subdomain. I use it for the odd random signups where the only thing I’m really interested in is not having another nobhead add me to their spam lists.

        • toynbee@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 month ago

          For users of Gmail, I can confirm this works and you can even set it up so that address+nameofshop goes to a folder called “nameofshop.”

          You can also apparently add a dot anywhere before @gmail.com and still receive the email. I haven’t tried this one, but the last time I mentioned this someone said it was part of the email standard, so presumably it works.

          I don’t know of tricks specifically of this vein for proton mail, but I do know you can setup a catch-all address so, for example, something addressed to invalidaddress@domain.com goes instead to spam@domain.com.

          I’ve not tried SimpleLogin, but apparently it offers similar functionality.

        • Pringles@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 month ago

          I didn’t know that actually. They can still deduce your actual email address from that, but for the identification of the culprit that would work as well.

      • xthexder@l.sw0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        I’ve been doing this for several years now (not specifically that service, since I have my own domains). It’s really nice knowing exactly who sold your email to the spam bots, because it’s right in the address. Super easy to block once that happens.

  • Schmoo@slrpnk.net
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    The corporations that took control of the Internet don’t want us to remember.

    • huiccewudu@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Spare a thought for the users with accounts who upload content to IA for you to enjoy.

    • nutsack@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 month ago

      with as long as this has been going on it really surprises me that nothing has come out as a motive. it seems kind of pointless to do this sort of thing and not make your intentions known

      maybe it’s a government or organization upset that they are keeping archives of things they don’t like

      • Syntha@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        The hacktivist group SN_BLACKMETA has claimed responsibility and cites US support of Israel as the motivation.

      • TachyonTele@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Apparently, from a different article, the hackers did it because ‘america bad’.
        Which is fine as a message I guess, but picking this website is dumb.

    • Majestic@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      In this case it’s looking like people trying to showcase their skill and possibly get bragging rights or at least a reputation for doing these attacks which they can use to earn money from others for these types of services.

    • 7fb2adfb45bafcc01c80@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      I just sent a DMCA takedown last week to remove my site. They’ve claimed to follow meta tags and robots.txt since 1998, but no, they had over 1,000,000 of my pages going back that far. They even had the robots.txt configured for them archived from 1998.

      I’m tired of people linking to archived versions of things that I worked hard to create. Sites like Wikipedia were archiving urls and then linking to the archive, effectively removing branding and blocking user engagement.

      Not to mention that I’m losing advertising revenue if someone views the site in an archive. I have fewer problems with archiving if the original site is gone, but to mirror and republish active content with no supported way to prevent it short of legal action is ridiculous. Not to mention that I lose control over what’s done with that content – are they going to let Google train AI on it with their new partnership?

      I’m not a fan. They could easily allow people to block archiving, but they choose not to. They offer a way to circumvent artist or owner control, and I’m surprised that they still exist.

      So… That’s what I think is wrong with them.

      From a security perspective it’s terrible that they were breached. But it is kind of ironic – maybe they can think of it as an archive of their passwords or something.

      • Red Army Dog Cooper@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        how do you expect an archive to happen if they are not allowed to archive while it is still up. How are you suposed to track changed or see how the world has shifted. This is a very narrow and in my opinion selfish way to view the world

        • 7fb2adfb45bafcc01c80@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 month ago

          how do you expect an archive to happen if they are not allowed to archive while it is still up.

          I don’t want them publishing their archive while it’s up. If they archive but don’t republish while the site exists then there’s less damage.

          I support the concept of archiving and screenshotting. I have my own linkwarden server set up and I use it all the time.

          But I don’t republish anything that I archive because that dilutes the value of the original creator.

          • zarkanian@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 month ago

            A couple of good examples are lifehacker.com and lifehack.org. Both sites used to have excellent content. The sites are still up and running, but the first one has turned into a collection of listicles and the second is an ad for an “AI-powered life coach”. All of that old content is gone and is only accessible through the Internet Archive.

            In fact, many domains never shut down, they just change owners or change direction.

            • 7fb2adfb45bafcc01c80@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 month ago

              Again, isn’t that the site’s prerogative?

              I think there should at least be a recognized way to opt-out that archive.org actually follows. For years they told people to put

              User-agent: ia_archiver
              Disallow:
              ``` /
              
              in robots.txt, but they still archived content from those sites.  They refuse to publish what IP addresses they pull content down from, but that would be a trivial thing to do.  They refuse to use a UserAgent that you can filter on.  
              
              If you want to be a library, be open and honest about it.  There's no need to sneak around.
              
            • 7fb2adfb45bafcc01c80@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 month ago

              Shouldn’t that be the content creator’s prerogative? What if the content had a significant error? What if they removed the page because of a request from someone living in the EU requested it under their laws? What if the page was edited because someone accidentally made their address and phone number public in a forum post?

              • Landsharkgun@midwest.social
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 month ago

                Nah. It just lets slimy gits claim they never said XYZ, or that such and such a thing never happened. With as volatile a storage media as internet media, hard backups are absolutely necessary. Put it this way; would you have the same complaimt about a newspaper? A TV show? Post your opinion piece to a newspaper and it’s fixed in ink forever. Yet somehow you complain when that same opinion piece is on a website? Get outta here.

                • 7fb2adfb45bafcc01c80@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  1 month ago

                  Like I said, I have no problems with individuals archiving it and not republishing it.

                  If I take a newspaper article and republish it on my site I guarantee you I will get a takedown notice. That will be especially true if I start linking to my copy as the canonical source from places like Wikipedia.

                  It’s a fine line. Is archive.org a library (wasn’t there a court case about this recently…) or are they republishing?

                  Either way, it doesn’t matter for me any more. The pages are gone from the archive, and they won’t archive any more.

      • Duamerthrax@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Not to mention that I’m losing advertising revenue if someone views the site in an archive.

        No one is using Internet Archive to bypass ads. Anyone who would think of doing that already has ad blockers on.

          • Duamerthrax@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 month ago

            I completely understood. No one is going to IA as their first stop. They’re only going there if they want to see a history change or if the original site is gone.

              • ikidd@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                1 month ago

                Because if you’re referencing something specific, why would you take the chance that someone changes that page? Are you going to monitor that from then on and make sure it’s still correct/relevant? No, you take what is effectively a screenshot and link to that.

                You aren’t really thinking about this from any standpoint except your advertising revenue.

                • 7fb2adfb45bafcc01c80@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  1 month ago

                  I’m thinking about it from the perspective of an artist or creator under existing copyright law. You can’t just take someone’s work and republish it.

                  It’s not allowed with books, it’s not allowed with music, and it’s not even allowed with public sculpture. If a sculpture shows up in a movie scene, they need the artist’s permission and may have to pay a licensing fee.

                  Why should the creation of text on the internet have lesser protections?

                  But copyright law is deeply rooted in damages, and if advertising revenue is lost that’s a very real example.

                  And I have recourse; I used it. I used current law (DMCA) to remove over 1,000,000 pages because it was my legal right to remove infringing content. If it had been legal, they wouldn’t have had to remove it.

      • Adanisi@lemmy.zip
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 month ago

        Wah wah wah, my stuff’s been preserved and I dont like it.

        Not to mention that I lose control over what’s done with that content – are they going to let Google train AI on it with their new partnership?

        Lmao you think Google needs to go through Archive to scrape your site? Delusional.

        Not to mention that I’m losing advertising revenue if someone views the site in an archive.

        The mechanisms used to serve ads over the internet nowadays are nasty in a privacy sense, and a psychological manipulation sense. And you want people to be affected by them just to line your pockets? Are you also opposed to ad blockers by any chance?

        I have fewer problems with archiving if the original site is gone, but to mirror and republish active content with no supported way to prevent it short of legal action is ridiculous.

        And how do you suggest a site which has been wiped off the face of the internet gets archived? Maybe we need to invest in a time machine for the Internet Archive?

        Sites like Wikipedia were archiving urls and then linking to the archive, effectively removing branding and blocking user engagement.

        What do you mean by “engagement”, exactly? Clicking on ads?

        • 7fb2adfb45bafcc01c80@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 month ago

          In SEO terms user engagement refers to how people interact with the website. Do they click on another link? Does a new blog posting interest them?

          • Adanisi@lemmy.zip
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            1 month ago

            archive.org could archive the content and only publish it if the page has been dark for a certain amount of time.

            It’s user-driven. Nothing would get archived in this case. And what if the content changes but the page remains up? What then? Fairly sure this is why Wikipedia uses archives.

            I agree that many sites use advertising in a different way. I use it in the older internet sense – someone contacts me to sponsor a page or portion of the site, and that page gets a single banner, created in-house, with no tracking. I’ve been using the internet for 36 years. I’m well aware of many uses that I view as unethical, and I take great pains not to replicate them on my own site.

            Pretty sure mainstream ad blockers won’t block a custom in-house banner. And if it has no tracking, then it doesn’t matter whether it’s on Archive or not, you’re getting paid the same, no?

            Pr

            • 7fb2adfb45bafcc01c80@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 month ago

              It’s user-driven. Nothing would get archived in this case. And what if the content changes but the page remains up? What then? Fairly sure this is why Wikipedia uses archives.

              That’s a good point.

              Pretty sure mainstream ad blockers won’t block a custom in-house banner. And if it has no tracking, then it doesn’t matter whether it’s on Archive or not, you’re getting paid the same, no?

              Some of them do block those kinds of ads – I’ve tried it out with a few. If it’s at archive.org I lose the ability to report back to the sponsor that their ad was viewed ‘n’ times (unless, ironically, if I put a tracker in). It also means that if sponsorship changes, the main drivers of traffic like Wikipedia may not see that. It makes getting new sponsors more difficult because they want something timely for seasonal ads. Imagine sponsoring a page, but Wikipedia only links to the archived one. Your ad for gardening tools isn’t reflected by one of the larger drivers of traffic until December, and nobody wants to buy gardening tools in December.

              Yes, I could submit pages to archive.org as sponsorship changes if this model continues.

              It was a much bigger deal when we used Google ads a decade ago, but we stopped in early 2018 because tracking was getting out of hand.

              If I was submitting pages myself I’d be all for it because I could control when it happened. But there have times when I’ve edited a page and totally screwed it up, and archive.org just happened to grab it at that moment when the formatting was all weird or the wrong picture was loaded. I usually fix the page and forget about it until I see it on archive.org later.

              I asked for pages like that to be removed, but archive.org was unresponsive until I used a DMCA takedown notice.

          • StopJoiningWars@discuss.online
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 month ago

            SEO killed the internet. You’re literally part of the reason why people go look for alternatives to viewing your website, no one wants ads.

            • 7fb2adfb45bafcc01c80@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              1 month ago

              I don’t think you know what SEO is. I think you know what bad SEO is.

              Anyhow, Wikipedia is always free to link somewhere else if they can find better content.

      • jqubed@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        About the only thing I can agree with you on here is I don’t like when people on Wikipedia archive a link and then list that as the primary source in the reference instead of the original link. Wikipedia (at least in English) has a proper method to follow for citations with links and the archived version should only become the primary if the original source is dead or has changed and no longer covers the reference.

        They should also honor a DMCA takedown and robots.txt, but at least with the DMCA I’m sure there’s a backlog. Personally I’ve always appreciated the archive’s existence, though, and would think their impact is small enough that it’s better to have them than block them.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      There’s currently a fuck ton of hacking going on everywhere maybe just prior to the US elections maybe something unrelated but there’s definitely a concerted effort to turn the internet on its head.

    • Jordan117@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Dipshits thought it was affiliated with the US government and attacked it to “avenge” Gaza.

    • Toes♀@ani.social
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Yeah, this is a bit like vandalizing a library. They are providing a valuable public service, leave them alone.

      • GrymEdm@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Yeah, and what kind of psychos would want to restrict public access to books in libraries?!?! I’m not on the conspiracy train until there’s proof and I agree with your post. Just saw a bit of irony there since a lot of North Americans are currently in the process of dismantling libraries.

    • GrymEdm@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 month ago

      I have zero proof of this so take this for the musing it is, but the Internet Archive/Wayback Machine can be used to view articles that have been taken offline (sometimes for political reasons). The IA is a very accessible way to prove that once something is on the Internet, it’s out there forever. I used it in a recent post to show an Israeli newspaper article that argued Israel had a right to not just Palestine, but Lebanon, Syria, Iraq, and other territories. It was taken off the newspaper’s website a few days later, but IA had it.

      Or it very well could be another reason, including people just being assholes.

    • GregorGizeh@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      We see this and think of an amazing and essential public service. A capitalist sees this and tries to find a way to make money with it, and the first step is to ruin the free product.

    • Blaster M@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Archived something someone doesn’t want to be seen by the world… like any and all since-removed misinformation for one…

        • ZeroCool@slrpnk.net
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 month ago

          It’s likely to just be some randos doing it for the lulz and IA was vulnerable for whatever reason. Book publishers have sadly been enjoying plenty of success in court against IA. They don’t need to get their hands dirty.

    • ZagamTheVile@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      It’s probably for the lulz I guess. There’s only a few places left on the internet that are decent and good, archive being one, so why not shit all over it? People are so dumb.

  • deranger@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 month ago

    Just got an email from HaveIBeenPwned.com stating 31 million logins were leaked. Email address, username, and bcrypt hashed passwords were obtained.

    Edit: probably should have read the article before posting

  • g1ya777@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    I used a 64 charcters unique password, so i don’t think the bcrypt hash of it would be of any use for them.

    • Case@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      I take it you’ve never had to log into a printer with an AD account before?

      Yeah, I went out to 32 characters once. Until I needed to work on a printer.